views:

36

answers:

0

I have a dedicated server hosted on Rackspace Cloud, and this morning as I was casually checking the Security event log, I saw a series of successful Logon events that are troubling. It appears random IPs are successfully "logging in" to my server somehow. How is this possible? I have a very strong Administrator password. Am I overreacting here, or does it look like someone is accessing my server somehow? There are about 50 of these within an hour time span, from different IP addresses.

An account was successfully logged on.

Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0

Logon Type: 3

New Logon: Security ID: ANONYMOUS LOGON Account Name: ANONYMOUS LOGON Account Domain: NT AUTHORITY Logon ID: 0x20a394 Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information: Process ID: 0x0 Process Name: -

Network Information: Workstation Name: ATBDMAIN2 Source Network Address: 76.164.41.214 Source Port: 36183

Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V1 Key Length: 128